Updated Specification Issued for PIV Card Implementations

This smart chip on a Personal Identity Verification (PIV) card holds two fingerprint biometrics, a unique number that identifies the individual within the PIV system, a PIN number that never leaves the card and a cryptographic key that is used to authenticate the cardholder to the PIV system.

National Institute of Standards and Technology (NIST) scientists have released an updated technical specification for Personal Identity Verification (PIV) cards that are being phased in by federal departments and agencies for use by their employees and contractors. The technical specification updates the specifications issued in 2006 and will assist federal departments and agencies that are implementing the PIV system and the vendors and system integrators that supply PIV system components and services.

All federal government employees and contractors will soon be required to use PIV cards to access federal facilities and information systems, according to Homeland Security Presidential Directive 12. NIST is responsible for providing the technical specification for the PIV cards—smart cards that securely store data such as fingerprint templates and a facial image that are used to verify the cardholder’s identity.

NIST Special Publication 800-73-2, Interfaces for Personal Identity Verification, details what data objects are stored on the PIV card, how they are encoded and how to retrieve and use the data objects from the PIV card. SP 800-73-2 incorporates errata from the previous version, SP 800-73-1, and aligns the card’s cryptographic capabilities with the cryptographic specifications issued in SP 800-78-1, Cryptographic Algorithms and Key Sizes for Personal Identity Verification, published in 2007.

For convenience, SP 800-73-2 is being issued in four parts to align with different segments of the industry. These are: